package com.zjuee.gateway.realm;

import com.zjuee.base.bean.response.CommonResultCode;
import com.zjuee.base.enums.UserStatus;
import com.zjuee.base.exception.BaseException;
import com.zjuee.base.model.AuthUser;
import com.zjuee.base.model.common.auth.User;
import com.zjuee.gateway.bean.MyToken;
import com.zjuee.service.auth.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.Set;

/**
 * Shiro 控制用户认证与授权
 *
 * @author wu liang
 * @since 2020/8/13 9:54
 */
public class MyShiroRealm extends AuthorizingRealm {
    private UserService userService;
    public void setUserService(UserService userService) {
        this.userService = userService;
    }


    /**
     * 授权
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        AuthUser user = (AuthUser) principalCollection.getPrimaryPrincipal();
        // 权限集合,这里我们使用用户所分配资源的url来作为用户拥有的权限
        // 校验hasPerms规则
        Set<String> perms = null;
//        perms = userService.findPerms(user.getUserId());


        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 这里使用用户类型校验hasRoles规则
//        info.addRole(user.getUserType());
        info.addStringPermissions(perms);
        return info;
    }

    /**
     * 登录认证
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        MyToken token = (MyToken) authenticationToken;

        //从数据库根据用户名或密码获取用户
        String loginName = token.getUsername();
        User user = userService.selectByName(loginName);
        if (user==null) {
            throw new BaseException(CommonResultCode.ACCOUNT_ERR);
        }

        //用户禁用判断
        if (user.getUserStatus() != UserStatus.SUCCESS.getValue()) {
            throw new BaseException(CommonResultCode.LOGIN_DISABLED);
        }
        //封装登录用户信息
        AuthUser authUser = new AuthUser();

        authUser.setId(user.getId());
        authUser.setName(user.getName());
        authUser.setRealName(user.getRealName());
        authUser.setPhone(user.getPhone());
        authUser.setOrgId(user.getOrgId());
        authUser.setUserType(user.getUserType());
        authUser.setUserStatus(user.getUserStatus());
        authUser.setLoginCount(user.getLoginCount());
        authUser.setLastLoginIp(user.getLastLoginIp());
        authUser.setLastLoginTime(user.getLastLoginTime());
        authUser.setLoginTime(user.getLoginTime());
        authUser.setLoginIp(user.getLoginIp());

        //以用户名加盐加密校验密码
        ByteSource credentialsSalt = ByteSource.Util.bytes(user.getName());
        return new SimpleAuthenticationInfo(authUser,user.getPassword(),credentialsSalt, getName());
    }

}
